CVE-2025-26008

Critical

Published: 26 March 2025

Published

26 March 2025

Modified

01 April 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0041 61.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Security Summary

CVE-2025-26008 is an unauthorized stack overflow vulnerability (CWE-120) in the Telesquare TLR-2005KSH router running firmware version 1.1.4. The issue arises when processing a request to the admin.cgi endpoint with the setSyncTimeHost parameter, allowing buffer overflow conditions without authentication.

A remote attacker requires no privileges, user interaction, or special access, as indicated by the CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By sending a specially crafted HTTP request to the vulnerable admin.cgi parameter, an unauthenticated attacker over the network can trigger the stack overflow, potentially leading to arbitrary code execution, full system compromise, and high impacts on confidentiality, integrity, and availability.

Mitigation details and additional technical information are available in the referenced advisory at https://github.com/Fan-24/Digging/blob/main/2/1.md.

Details

CWE(s): CWE-120

Affected Products

telesquare

tlr-2005ksh firmware

1.1.4

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Unauthenticated remote stack overflow in public-facing admin.cgi web endpoint on router directly enables T1190 for arbitrary code execution and full compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Fan-24/Digging/blob/main/2/1.md
Broken Link · cve@mitre.org